0441374a0bb6d9f7e95af29ecf4de940_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0441374a0bb6d9f7e95af29ecf4de940_JaffaCakes118
Size

87KB
MD5

0441374a0bb6d9f7e95af29ecf4de940
SHA1

bab3c681df4938aeb01a930bc2a62bf8cc6942aa
SHA256

760d98fad9c9f9cd256cef478a0dc3217ce3195896f881a6b1902bea15a546f8
SHA512

e594d12547a8b70bee36d252164747eb802f54f38e089107fd93497e0917a2fc851f5d6a589619dbc15a6bc8029090663b0246be5165e9733f1b5ce51dc06c1d
SSDEEP

1536:cOHYqeY4wKTCxQhldQi2GZdB8DBJu2ybhuRP:fHYqeYNKTCxilairF8dybh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0441374a0bb6d9f7e95af29ecf4de940_JaffaCakes118

Files

0441374a0bb6d9f7e95af29ecf4de940_JaffaCakes118
.exe windows:1 windows x86 arch:x86

0d6fd6284ac109b5985f14ef8da22738

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextA
CharToOemA
CharUpperA
LoadStringA
OemToCharA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExitThread
FlushFileBuffers
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentVariableA
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetStdHandle
GetSystemDefaultLangID
GetSystemDirectoryA
GetVersion
GetWindowsDirectoryA
InitializeCriticalSection
IsBadReadPtr
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFilePointer
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile
lstrcpyA
lstrlenA

dbtool7

_DBErase@4
_DBToolsFini@4
_DBToolsInit@4

Exports

Exports

W?callback_confirm$n(pna)s
W?callback_error$n(pna)s
W?callback_msg$n(pna)s
W?callback_status$n(pna)s
W?callback_usage$n(pna)s

Sections

AUTO
Size: 61KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 17KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.WYCao
Size: 1B - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d6fd6284ac109b5985f14ef8da22738

Headers

File Characteristics

Imports

user32

advapi32

kernel32

dbtool7

Exports

Exports

Sections

AUTO Size: 61KB - Virtual size:

.idata Size: 2KB - Virtual size:

DGROUP Size: 17KB - Virtual size:

.bss Size: 5KB - Virtual size:

.edata Size: 512B - Virtual size:

.reloc Size: 4KB - Virtual size:

.WYCao Size: 1B - Virtual size: 15KB

AUTO
Size: 61KB - Virtual size:

.idata
Size: 2KB - Virtual size:

DGROUP
Size: 17KB - Virtual size:

.bss
Size: 5KB - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 4KB - Virtual size:

.WYCao
Size: 1B - Virtual size: 15KB